path: root/src/vnet/interface.api
blob: d30f1c285ea3b5fb3113dfb7ae48db24217656a1 (plain)
/* Hey Emacs use -*- mode: C -*- */
/*
 * Copyright (c) 2018 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

option version = "2.3.1";

import "vnet/interface_types.api";

/* Service declaration: want_interface_events is answered with
   want_interface_events_reply, and sw_interface_event is declared as the
   event message tied to that rpc. */
service {
  rpc want_interface_events returns want_interface_events_reply
    events sw_interface_event;
};

/** \brief Set flags on the interface
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to set flags on
    @param admin_up_down - set the admin state, 1 = up, 0 = down

    This request carries no link_up_down field: the oper state is not used
    in config and is only reported in sw_interface_event.
    NOTE(review): sw_if_index and admin_up_down come from the client; this
    file does not show how values other than a known index or 0/1 are
    handled - confirm the handler range-checks them.
*/
autoreply define sw_interface_set_flags
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  /* 1 = up, 0 = down */
  u8 admin_up_down;
};

/** \brief Set interface physical MTU
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to set MTU on
    @param mtu - MTU (16-bit field)
      NOTE(review): no lower or upper bound is stated here; presumably the
      handler rejects values the hardware cannot support - confirm
*/
autoreply define hw_interface_set_mtu
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u16 mtu;
};

/** \brief Set interface L3 MTU
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to set the MTUs on
    @param mtu - four per-protocol MTU values, indexed as
      0 - L3, 1 - IP4, 2 - IP6, 3 - MPLS
      NOTE(review): each slot is a full u32 while hw_interface_set_mtu uses
      u16; confirm the handler bounds these values
*/
autoreply define sw_interface_set_mtu
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  /* $$$$ Replace with enum */
  u32 mtu[4]; /* 0 - L3, 1 - IP4, 2 - IP6, 3 - MPLS */
};

/** \brief Set IP4 directed broadcast
    When directed broadcast is enabled, a packet sent to the interface's
    subnet address will be broadcast on the interface.
    NOTE(review): directed broadcast is a known traffic-amplification
    vector (see RFC 2644); enable it only on interfaces that need it.
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to configure
    @param enable - presumably non-zero enables and 0 disables - confirm
*/
autoreply define sw_interface_set_ip_directed_broadcast
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u8  enable;
};

/** \brief Interface Event generated by want_interface_events
    @param client_index - opaque cookie to identify the sender
    @param pid - client pid registered to receive notification
    @param sw_if_index - index of the interface of the event
    @param admin_up_down - The administrative state; 1 = up, 0 = down
    @param link_up_down - The operational state; 1 = up, 0 = down
    @param deleted - interface was deleted

    Unlike the request messages in this file, the event has no context
    field; pid occupies the second slot.
*/
define sw_interface_event
{
  u32 client_index;
  u32 pid;
  u32 sw_if_index;
  u8 admin_up_down;
  u8 link_up_down;
  u8 deleted;
};

/** \brief Register for interface events
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param enable_disable - 1 => register for events, 0 => cancel registration
    @param pid - sender's pid
      NOTE(review): pid is a value the client reports about itself; nothing
      in this file shows it being verified, so it should not be treated as
      an authenticated identity
*/
autoreply define want_interface_events
{
  u32 client_index;
  u32 context;
  u32 enable_disable;
  u32 pid;
};

/** \brief Interface details structure (fix this)
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface
    @param sup_sw_if_index - index of parent interface if any, else same as sw_if_index
    @param l2_address_length - length of the interface's l2 address
    @param l2_address - the interface's l2 address (8-byte buffer)
    @param interface_name - name of the interface (64-byte buffer)
    @param admin_up_down - 1 = up, 0 = down
    @param link_up_down - 1 = up, 0 = down
    @param link_duplex - 1 if half duplex, 2 if full duplex
    @param link_speed - value in kbps
    @param link_mtu - max. transmission unit
    @param mtu - per protocol MTUs: 0 - L3, 1 - IP4, 2 - IP6, 3 - MPLS
    @param sub_id - A number 0-N to uniquely identify this subif on super if
    @param sub_dot1ad - 0 = dot1q, 1 = dot1ad
    @param sub_dot1ah - 1 = dot1ah, 0 = otherwise
    @param sub_number_of_tags - Number of tags (0 - 2)
    @param sub_outer_vlan_id
    @param sub_inner_vlan_id
    @param sub_exact_match
    @param sub_default
    @param sub_outer_vlan_id_any
    @param sub_inner_vlan_id_any
    @param vtr_op - vlan tag rewrite operation
    @param vtr_push_dot1q - ethertype of first pushed tag is dot1q/dot1ad
    @param vtr_tag1 - first pushed tag
    @param vtr_tag2 - second pushed tag
    @param tag - 64-byte buffer; presumably the tag set with
      sw_interface_tag_add_del - confirm
    @param outer_tag - translate pbb s-tag
    @param b_dmac - B-tag remote mac address (6 bytes)
    @param b_smac - B-tag local mac address (6 bytes)
    @param b_vlanid - B-tag vlanid
    @param i_sid - I-tag service id

    NOTE(review): interface_name and tag are fixed-size byte arrays and this
    definition does not guarantee a terminating NUL; readers should bound
    string handling to the array size. l2_address_length is carried
    separately from the 8-byte l2_address buffer, so readers should never
    copy more than 8 bytes whatever length is reported.
*/
define sw_interface_details
{
  u32 context;
  u32 sw_if_index;

  /* index of sup interface (e.g. hw interface).
     equal to sw_if_index for super hw interface. */
  u32 sup_sw_if_index;

  /* Layer 2 address, if applicable */
  u32 l2_address_length;
  u8 l2_address[8];

  /* Interface name */
  u8 interface_name[64];

  /* 1 = up, 0 = down */
  u8 admin_up_down;
  u8 link_up_down;

  /* 1 = half duplex, 2 = full duplex */
  u8 link_duplex;

  /* link speed in kbps */
  u32 link_speed;

  /* MTU */
  u16 link_mtu;

  /* Per protocol MTUs */
  u32 mtu[4]; /* 0 - L3, 1 - IP4, 2 - IP6, 3 - MPLS */

  /* Subinterface ID. A number 0-N to uniquely identify this subinterface under the super interface */
  u32 sub_id;

  /* 0 = dot1q, 1 = dot1ad */
  u8 sub_dot1ad;
  /* 1 = dot1ah, 0 = otherwise */
  u8 sub_dot1ah;

  /* Number of tags 0-2 */
  u8 sub_number_of_tags;
  u16 sub_outer_vlan_id;
  u16 sub_inner_vlan_id;
  u8 sub_exact_match;
  u8 sub_default;
  u8 sub_outer_vlan_id_any;
  u8 sub_inner_vlan_id_any;

  /* vlan tag rewrite state */
  u32 vtr_op;
  u32 vtr_push_dot1q;		// ethertype of first pushed tag is dot1q/dot1ad
  u32 vtr_tag1;			// first pushed tag
  u32 vtr_tag2;			// second pushed tag
  u8 tag[64];

  /* pbb tag rewrite info */
  u16 outer_tag;
  u8  b_dmac[6];
  u8  b_smac[6];
  u16 b_vlanid;
  u32 i_sid;
};

/** \brief Request all or filtered subset of sw_interface_details
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to dump info on, 0 or ~0 if on all
      TODO: Support selecting only index==0 when CSIT is ready.
    @param name_filter_valid - 1 if requesting a filtered subset of records else 0
      if name filter is set as valid, sw_if_index value is ignored and all interfaces are examined
    @param name_filter - interface name substring filter. Eg. loop1 returns [loop1, loop10]
      The filter buffer is 49 bytes, shorter than the 64-byte interface_name
      in sw_interface_details.
      NOTE(review): the buffer is client-supplied and nothing here guarantees
      a terminating NUL; confirm the handler bounds the substring match to
      the 49 bytes
*/
define sw_interface_dump
{
  u32 client_index;
  u32 context;
  vl_api_interface_index_t sw_if_index;
  u8 name_filter_valid;
  u8 name_filter[49];
};

/** \brief Set or delete one or all ip addresses on a specified interface
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to add/del addresses
    @param is_add - add address if non-zero, else delete
    @param is_ipv6 - if non-zero the address is ipv6, else ipv4
    @param del_all - if non-zero delete all addresses on the interface
    @param address_length - address length in bytes, 4 for ip4, 16 for ip6
      NOTE(review): the handler is not part of this file; confirm that this
      really is a byte count and not a prefix length, and that the value is
      checked against is_ipv6 before it is used
    @param address - array of address bytes (16-byte buffer; for ip4
      presumably only the leading 4 bytes are meaningful - confirm)
*/
autoreply define sw_interface_add_del_address
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u8 is_add;
  u8 is_ipv6;
  u8 del_all;
  u8 address_length;
  u8 address[16];
};

/** \brief Associate the specified interface with a fib table
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface
    @param is_ipv6 - if non-zero ipv6, else ipv4
    @param vrf_id - fib table/vrf id to associate the interface with
      NOTE(review): moving an interface between tables changes which routes
      its traffic can reach; this file does not show what happens when
      vrf_id names a table that does not exist - confirm in the handler
*/
autoreply define sw_interface_set_table
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u8 is_ipv6;
  u32 vrf_id;
};

/** \brief Get VRF id assigned to interface
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface
    @param is_ipv6 - presumably selects the ipv6 table when non-zero, else
      ipv4, as in sw_interface_set_table - confirm
*/
define sw_interface_get_table
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u8 is_ipv6;
};

/** \brief Reply to sw_interface_get_table
    @param context - sender context which was passed in the request
    @param retval - return code
    @param vrf_id - VRF id assigned to the interface
*/
define sw_interface_get_table_reply
{
  u32 context;
  i32 retval;
  u32 vrf_id;
};

/** \brief Set unnumbered interface add / del request
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - interface with an IP address
    @param unnumbered_sw_if_index - interface which will use the address
    @param is_add - if non-zero set the association, else unset it

    The two indices are easy to swap: sw_if_index is the address donor and
    unnumbered_sw_if_index is the borrower.
    NOTE(review): both indices are client-supplied; confirm the handler
    validates each of them, not only sw_if_index.
*/
autoreply define sw_interface_set_unnumbered
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;		/* use this intfc address */
  u32 unnumbered_sw_if_index;	/* on this interface */
  u8 is_add;
};

/** \brief Clear interface statistics
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of the interface to clear statistics
      NOTE(review): other messages in this file use ~0 for "all
      interfaces"; whether that applies here is not stated - confirm

    No reply message is declared for this request in this file; the
    definition relies on autoreply.
*/
autoreply define sw_interface_clear_stats
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
};

/** \brief Set / clear software interface tag
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - 1 = add, 0 = delete
    @param sw_if_index - the interface
    @param tag - an ascii tag (64-byte buffer)
      NOTE(review): the tag is client-supplied and nothing here guarantees a
      terminating NUL or printable content; confirm the handler terminates
      it within the 64 bytes before storing or printing it

    Note the field order: is_add precedes sw_if_index in this message.
*/
autoreply define sw_interface_tag_add_del 
{
    u32 client_index;
    u32 context;
    u8 is_add;
    u32 sw_if_index;
    u8 tag[64];
};

/** \brief Set an interface's MAC address
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - the interface whose MAC will be set
    @param mac_address - the new MAC address (6 bytes)
      NOTE(review): no restriction on the value (all-zero, multicast or
      broadcast addresses) is stated here - confirm what the handler accepts
*/
autoreply define sw_interface_set_mac_address
{
    u32 client_index;
    u32 context;
    u32 sw_if_index;
    u8 mac_address[6];
};

/** \brief Get interface's MAC address
    The answer is carried in sw_interface_get_mac_address_reply.
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - the interface whose MAC will be returned
*/
define sw_interface_get_mac_address
{
    u32 client_index;
    u32 context;
    u32 sw_if_index;
};

/** \brief Reply for get interface's MAC address request
    @param context - returned sender context, to match reply w/ request
    @param retval - return code
    @param mac_address - returned interface's MAC address (6 bytes)
      NOTE(review): presumably only meaningful when retval reports success -
      confirm
*/
define sw_interface_get_mac_address_reply
{
    u32 context;
    i32 retval;
    u8 mac_address[6];
};

/** \brief Set an interface's rx-mode
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - the interface whose rx-mode will be set
    @param queue_id_valid - 1 = the queue_id field is valid. 0 means all
      queue_id's
    @param queue_id - the queue number whose rx-mode will be set. Only valid
      if queue_id_valid is 1
    @param mode - polling=1, interrupt=2, adaptive=3
      NOTE(review): mode is a raw u8 and queue_id a raw u32; values outside
      the documented set, or a queue the interface does not have, must be
      rejected by the handler - confirm
*/
autoreply define sw_interface_set_rx_mode
{
    u32 client_index;
    u32 context;
    u32 sw_if_index;
    u8 queue_id_valid;
    u32 queue_id;
    u8 mode;
};

/** \brief Set an interface's rx-placement
    Rx-queue placement on a specific thread is operational only for hardware
    interfaces. It will not set queue - thread placement for sub-interfaces,
    p2p and pipe interfaces.
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - the interface whose rx-placement will be set
    @param queue_id - the queue number whose rx-placement will be set.
    @param worker_id - the worker number on which the rx queue will be placed.
    @param is_main - flag to set rx-placement to main thread
      NOTE(review): sw_interface_rx_placement_details documents
      worker_id = 0 as the main thread while this request has a separate
      is_main flag; confirm the two worker numberings agree, and that
      queue_id and worker_id are range-checked by the handler
*/
autoreply define sw_interface_set_rx_placement
{
    u32 client_index;
    u32 context;
    u32 sw_if_index;
    u32 queue_id;
    u32 worker_id;
    u8 is_main;
};

/** \brief dump the rx queue placement of interface(s)
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - optional interface index for which queue placement to
      be requested. sw_if_index = ~0 will dump placement information for all
      interfaces. It will not dump information related to sub-interfaces, p2p
      and pipe interfaces.
*/
define sw_interface_rx_placement_dump
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
};

/** \brief show the interface's queue - thread placement
    This api is used to display the interface and queue worker
    thread placement. One message per rx-queue per interface will
    be sent to client.
    Each message will contain information about rx-queue id of an
    interface, interface index, thread on which this rx-queue is
    placed and mode of rx-queue.
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - the interface whose rx-placement will be dumped
    @param queue_id - the queue id
    @param worker_id - the worker id on which queue_id is placed,
                       worker_id = 0 means main thread.
    @param mode - polling=1, interrupt=2, adaptive=3

    Unlike sw_interface_details, this details message also carries a
    client_index field.
*/
define sw_interface_rx_placement_details
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u32 queue_id;
  u32 worker_id;
  u8 mode;
};

/* Gross kludge, DGMS */
/* Request fields: client_index and context as in the other requests in
   this file, sw_if_index for the interface, and new_show_dev_instance for
   the new value.
   NOTE(review): presumably new_show_dev_instance is the instance number
   used in the displayed interface name - confirm against the handler,
   including whether a value already in use is rejected. */
autoreply define interface_name_renumber
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u32 new_show_dev_instance;
};

/** \brief Create a subinterface request (answered by create_subif_reply)
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - presumably the parent interface, as in
      create_vlan_subif - confirm
    @param sub_id - subinterface id
    @param no_tags, one_tag, two_tags - tag-count selectors of the subif
      template
      NOTE(review): three independent u8 flags are not mutually exclusive by
      construction; confirm the handler rejects conflicting combinations
    @param dot1ad - 0 = dot1q, 1 = dot1ad
    @param exact_match
    @param default_sub
    @param outer_vlan_id_any
    @param inner_vlan_id_any
    @param outer_vlan_id - 16-bit field; NOTE(review): confirm the handler
      rejects values that are not valid VLAN ids
    @param inner_vlan_id - 16-bit field; same caveat as outer_vlan_id
*/
define create_subif
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u32 sub_id;

  /* These fields map directly onto the subif template */
  u8 no_tags;
  u8 one_tag;
  u8 two_tags;
  u8 dot1ad;			// 0 = dot1q, 1=dot1ad
  u8 exact_match;
  u8 default_sub;
  u8 outer_vlan_id_any;
  u8 inner_vlan_id_any;
  u16 outer_vlan_id;
  u16 inner_vlan_id;
};

/** \brief Reply for the create_subif request
    @param context - sender context, to match reply w/ request
    @param retval - return code
    @param sw_if_index - presumably the index allocated for the new
      subinterface, as in create_vlan_subif_reply - confirm
*/
define create_subif_reply
{
  u32 context;
  i32 retval;
  u32 sw_if_index;
};

/** \brief Create a new subinterface with the given vlan id
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - software index of the new vlan's parent interface
    @param vlan_id - vlan tag of the new interface
      NOTE(review): the field is a full u32, far wider than a VLAN id;
      confirm the handler rejects out-of-range values instead of truncating
*/
define create_vlan_subif
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u32 vlan_id;
};

/** \brief Reply for the vlan subinterface create request
    @param context - returned sender context, to match reply w/ request
    @param retval - return code
    @param sw_if_index - software index allocated for the new subinterface
      NOTE(review): presumably only meaningful when retval reports success -
      confirm
*/
define create_vlan_subif_reply
{
  u32 context;
  i32 retval;
  u32 sw_if_index;
};

/** \brief Delete sub interface request
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - sw index of the interface that was created by create_subif
      NOTE(review): the index is client-supplied; confirm the handler
      refuses an index that does not refer to a subinterface
*/
autoreply define delete_subif {
  u32 client_index;
  u32 context;
  u32 sw_if_index;
};

/** \brief Create loopback interface request
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param mac_address - mac addr to assign to the interface if non-zero
      (6 bytes)
*/
define create_loopback
{
  u32 client_index;
  u32 context;
  u8 mac_address[6];
};

/** \brief Create loopback interface response
    @param context - sender context, to match reply w/ request
    @param retval - return code for the request
    @param sw_if_index - sw index of the interface that was created

    On the wire retval precedes sw_if_index.
*/
define create_loopback_reply
{
  u32 context;
  i32 retval;
  u32 sw_if_index;
};

/** \brief Create loopback interface instance request
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param mac_address - mac addr to assign to the interface if non-zero
      (6 bytes)
    @param is_specified - if non-0, a specific user_instance is being requested
    @param user_instance - requested instance, ~0 => dynamically allocate
      NOTE(review): how a request for an instance that is already in use is
      answered is not stated here - confirm in the handler
*/
define create_loopback_instance
{
  u32 client_index;
  u32 context;
  u8 mac_address[6];
  u8 is_specified;
  u32 user_instance;
};

/** \brief Create loopback interface instance response
    @param context - sender context, to match reply w/ request
    @param retval - return code for the request
    @param sw_if_index - sw index of the interface that was created

    On the wire retval precedes sw_if_index.
*/
define create_loopback_instance_reply
{
  u32 context;
  i32 retval;
  u32 sw_if_index;
};

/** \brief Delete loopback interface request
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - sw index of the interface that was created
      NOTE(review): the index is client-supplied; confirm the handler
      refuses an index that does not refer to a loopback interface
*/
autoreply define delete_loopback
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
};

/** \brief Enable or disable detailed interface stats
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - The interface to collect detail stats on. ~0 implies
                         all interfaces.
    @param enable_disable - set to 1 to enable, 0 to disable detailed stats
      (a u8 here, whereas want_interface_events uses a u32 for its
      enable_disable field)
*/
autoreply define collect_detailed_interface_stats
{
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u8  enable_disable;
};

/*
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_AH) params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_AH, is_outbound=0) objs.append(params.spd_policy_out_any) objs.append(params.spd_policy_in_any) e1 = VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], 0, priority=10, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0) e2 = VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=10) e3 = VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], 0, priority=20, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0) e4 = VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=20) objs = objs + [e1, e2, e3, e4] for o in objs: o.add_vpp_config() self.net_objs = self.net_objs + objs def config_ah_tra(self, params): addr_type = params.addr_type scapy_tra_sa_id = params.scapy_tra_sa_id scapy_tra_spi = params.scapy_tra_spi vpp_tra_sa_id = params.vpp_tra_sa_id vpp_tra_spi = params.vpp_tra_spi auth_algo_vpp_id = params.auth_algo_vpp_id auth_key = params.auth_key crypt_algo_vpp_id = params.crypt_algo_vpp_id crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast flags = params.flags | (VppEnum.vl_api_ipsec_sad_flags_t. 
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) e = VppEnum.vl_api_ipsec_spd_action_t objs = [] params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, flags=flags) params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, flags=flags) objs.append(params.tra_sa_in) objs.append(params.tra_sa_out) objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_AH)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_AH, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], 0, priority=10, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=10)) for o in objs: o.add_vpp_config() self.net_objs = self.net_objs + objs class TemplateIpsecAh(ConfigIpsecAH): """ Basic test for IPSEC using AH transport and Tunnel mode TRANSPORT MODE:: --- encrypt --- |pg2| <-------> |VPP| --- decrypt --- TUNNEL MODE:: --- encrypt --- plain --- |pg0| <------- |VPP| <------ |pg1| --- --- --- --- decrypt --- plain --- |pg0| -------> |VPP| ------> |pg1| --- --- --- """ @classmethod def setUpClass(cls): super(TemplateIpsecAh, cls).setUpClass() @classmethod def tearDownClass(cls): super(TemplateIpsecAh, cls).tearDownClass() def setUp(self): super(TemplateIpsecAh, self).setUp() self.config_network(self.params.values()) def tearDown(self): self.unconfig_network() 
super(TemplateIpsecAh, self).tearDown() class TestIpsecAh1(TemplateIpsecAh, IpsecTcpTests): """ Ipsec AH - TCP tests """ pass class TestIpsecAh2(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): """ Ipsec AH w/ SHA1 """ pass class TestIpsecAhTun(TemplateIpsecAh, IpsecTun46Tests): """ Ipsec AH - TUN encap tests """ def setUp(self): self.ipv4_params = IPsecIPv4Params() self.ipv6_params = IPsecIPv6Params() c = (VppEnum.vl_api_tunnel_encap_decap_flags_t. TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP) c1 = c | (VppEnum.vl_api_tunnel_encap_decap_flags_t. TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN) self.ipv4_params.tun_flags = c self.ipv6_params.tun_flags = c1 super(TestIpsecAhTun, self).setUp() def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54): # set the DSCP + ECN - flags are set to copy only DSCP return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IP(src=src, dst=dst, tos=5) / UDP(sport=4444, dport=4444) / Raw(b'X' * payload_size) for i in range(count)] def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54): # set the DSCP + ECN - flags are set to copy both return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src=src, dst=dst, tc=5) / UDP(sport=4444, dport=4444) / Raw(b'X' * payload_size) for i in range(count)] def verify_encrypted(self, p, sa, rxs): # just check that only the DSCP is copied for rx in rxs: self.assertEqual(rx[IP].tos, 4) def verify_encrypted6(self, p, sa, rxs): # just check that the DSCP & ECN are copied for rx in rxs: self.assertEqual(rx[IPv6].tc, 5) class TestIpsecAhTun2(TemplateIpsecAh, IpsecTun46Tests): """ Ipsec AH - TUN encap tests """ def setUp(self): self.ipv4_params = IPsecIPv4Params() self.ipv6_params = IPsecIPv6Params() self.ipv4_params.dscp = 3 self.ipv6_params.dscp = 4 super(TestIpsecAhTun2, self).setUp() def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54): # set the DSCP + ECN - flags are set to copy only DSCP return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / 
IP(src=src, dst=dst, tos=0) / UDP(sport=4444, dport=4444) / Raw(b'X' * payload_size) for i in range(count)] def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54): # set the DSCP + ECN - flags are set to copy both return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src=src, dst=dst, tc=0) / UDP(sport=4444, dport=4444) / Raw(b'X' * payload_size) for i in range(count)] def verify_encrypted(self, p, sa, rxs): # just check that only the DSCP is copied for rx in rxs: self.assertEqual(rx[IP].tos, 0xc) def verify_encrypted6(self, p, sa, rxs): # just check that the DSCP & ECN are copied for rx in rxs: self.assertEqual(rx[IPv6].tc, 0x10) class TestIpsecAhHandoff(TemplateIpsecAh, IpsecTun6HandoffTests, IpsecTun4HandoffTests): """ Ipsec AH Handoff """ pass class TestIpsecAhAll(ConfigIpsecAH, IpsecTra4, IpsecTra6, IpsecTun4, IpsecTun6): """ Ipsec AH all Algos """ def setUp(self): super(TestIpsecAhAll, self).setUp() def tearDown(self): super(TestIpsecAhAll, self).tearDown() def test_integ_algs(self): """All Engines SHA[1_96, 256, 384, 512] w/ & w/o ESN""" # foreach VPP crypto engine engines = ["ia32", "ipsecmb", "openssl"] algos = [{'vpp': VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96, 'scapy': "HMAC-SHA1-96"}, {'vpp': VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA_256_128, 'scapy': "SHA2-256-128"}, {'vpp': VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA_384_192, 'scapy': "SHA2-384-192"}, {'vpp': VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA_512_256, 'scapy': "SHA2-512-256"}] flags = [0, (VppEnum.vl_api_ipsec_sad_flags_t. 
IPSEC_API_SAD_FLAG_USE_ESN)] # # loop through the VPP engines # for engine in engines: self.vapi.cli("set crypto handler all %s" % engine) # # loop through each of the algorithms # for algo in algos: # with self.subTest(algo=algo['scapy']): for flag in flags: # # setup up the config paramters # self.ipv4_params = IPsecIPv4Params() self.ipv6_params = IPsecIPv6Params() self.params = {self.ipv4_params.addr_type: self.ipv4_params, self.ipv6_params.addr_type: self.ipv6_params} for _, p in self.params.items(): p.auth_algo_vpp_id = algo['vpp'] p.auth_algo = algo['scapy'] p.flags = p.flags | flag # # configure the SPDs. SAs, etc # self.config_network(self.params.values()) # # run some traffic. # An exhautsive 4o6, 6o4 is not necessary for each algo # self.verify_tra_basic6(count=17) self.verify_tra_basic4(count=17) self.verify_tun_66(self.params[socket.AF_INET6], count=17) self.verify_tun_44(self.params[socket.AF_INET], count=17) # # remove the SPDs, SAs, etc # self.unconfig_network() if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)